Store Tokens
Securing SPAs that make API calls comes with its own set of concerns. You'll need to ensure that tokens and other sensitive data are not vulnerable to cross-site scripting[1] (XSS) and can't be read by malicious JavaScript.
To learn more, see JWT Handbook[2] and The Ultimate Guide to Next.js Authentication with Auth0[3].
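One check that follows from this requirement, as an added example that is not Auth0's code: anything kept in `localStorage` or `sessionStorage` is readable by every script running on the origin, so the audit below reports which storage keys hold JWT-shaped values. The function names, the `makeStorage` stand-in for the browser Storage API, and the sample token are constructed for illustration.

```javascript
// Added example. SAMPLE_JWT and the storage contents are constructed, not real tokens.
function b64urlDecode(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/')
    .padEnd(Math.ceil(seg.length / 4) * 4, '=');
  return typeof atob === 'function'
    ? atob(b64) : Buffer.from(b64, 'base64').toString('binary');
}
// Compact JWT shape: three base64url segments, the first decoding to a
// JSON object with an "alg" member (the signature segment may be empty).
function looksLikeJwt(value) {
  const parts = value.split('.');
  if (parts.length !== 3 || !parts[0] || !parts[1]) return false;
  if (!parts.every(p => /^[A-Za-z0-9_-]*$/.test(p))) return false;
  try {
    const header = JSON.parse(b64urlDecode(parts[0]));
    return header !== null && typeof header === 'object' && 'alg' in header;
  } catch { return false; }
}
// Collect every string found anywhere inside a parsed JSON value.
function strings(v) {
  if (typeof v === 'string') return [v];
  if (v && typeof v === 'object') return Object.values(v).flatMap(strings);
  return [];
}
// Return the keys of a Web Storage object whose value is, or contains, a JWT.
function findStoredTokens(storage) {
  const hits = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    let parsed = storage.getItem(key);
    try { parsed = JSON.parse(parsed); } catch { /* not JSON: check the raw string */ }
    if (strings(parsed).some(looksLikeJwt)) hits.push(key);
  }
  return hits;
}
// Minimal stand-in for window.localStorage so the audit runs outside a browser.
function makeStorage(entries) {
  const m = new Map(Object.entries(entries));
  return { get length() { return m.size; },
    key: i => [...m.keys()][i] ?? null,
    getItem: k => (m.has(k) ? m.get(k) : null) };
}
const SAMPLE_JWT =
  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.c2lnbmF0dXJl';
const sampleStorage = makeStorage({
  theme: 'dark', host: 'www.example.com', id_token: SAMPLE_JWT,
  'app.cache': JSON.stringify({ body: { access_token: SAMPLE_JWT, expires_in: 86400 } }),
});
console.log(findStoredTokens(sampleStorage)); // [ 'id_token', 'app.cache' ]
```

In a browser, call `findStoredTokens(window.localStorage)` and `findStoredTokens(window.sessionStorage)` from the console or an end-to-end test after signing in.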
When you're building a Next.js application, authentication might be needed in the following cases:
When accessing a page
When accessing an API route
When your application calls an API hosted outside of your Next.js application on behalf of the user
Where a server is available, your app can handle the interaction with Auth0 and create a session, but in this model, we don't have a backend. All of the work happens on the frontend:
The user is redirected to Auth0.
When the user is successfully signed in, they will be redirected back to the application.
The client-side will complete the code exchange with Auth0 and retri...